Covid 19 came smashing through the country and all recreational education courses came to a grinding halt. The whole situation made me rethink my future; What career field is in demand? Where could I get training? Can I do it on a budget? Would this secure my future? So many questions firing around in my brain, I needed to use my time wisely, research potential new routes and options available to me. On the second day of furlough, sitting at home with the laptop open. I scrolled past an advert for a HNC in Cyber Security, I kept scrolling. Then it hit me, "I could get a job in Cyber Security!" Looking back through my feed, it came back into view. The advert was from a former instructor, who had taken me through the licensing for Physical Security and CCTV Operator a number of years prior. It stated they had received funding from the Scottish Government to provide access to education and a Higher National Certificate in Cyber Security for people who are under-employed. To qualify, all that was required was to tick two boxes from a list of under-employed sectors of society. As a Military Veteran on a low income, I qualified and decided to contact my former instructor. For those of you not in the UK, a HNC is two levels below a Bachelor’s Degree and normally the first qualification received at any University in the UK.
Within three days, my spot on the course was secured and I immediately got stuck into the content of the modules. There were 8 different modules, all relating to different areas of Computer Science and Cyber Security. Starting off with Computer Architecture and Networking, moving on to Digital Forensics, Penetration Testing and Professional Ethics. The requirements were tough! This level of education was far beyond what I had experienced prior to this stage in my life. I was used to being given all of the content required for a subject and going away to remember it before being assessed. This was different, we were expected to receive the basics of the subject and to research it to an advanced level. I did struggle with this. We were never given a clear roadmap for the requirements of the actual assessments. Often they asked questions as if they had been plucked out of thin air by the assessor. Having plenty of time on my hands enabled hyper focus, with the support of my tutor and personal grit I progressed to the final exam four months later. My results came through and I had passed with an 'A' in the graded exam. This blew my mind! Having never wanted to progress into higher education, this possibility was beyond my expectations. I've always been clever but never focused on furthering my education as an adult. Where could I go from here? Should I do a degree? Do I go for a job? I settled for trying to find a job and would look at a degree further down the line if my career required it. I wanted out of my current job and didn't want to wait around for a few more years while studying.
Receiving a call from my boss; the position was now required again and I should return to work. This helped with my finances but it wasn't the job I wanted. I would look for employment within the Cyber Security field and apply for as many jobs as I had recently qualified for. Looking through the job descriptions on job boards filled me with disappointment. After signing up for this course and putting so much effort into getting a good grade and attaining as much knowledge as possible, I thought I'd land a job straight away. There was after all a skills gap and 3.1 million empty Cyber Security positions across the planet. The vast majority of Cyber Security jobs required certifications and lots of experience. Researching the field a little further (Something I should have done at the very start) I found that the very basic level of a Cyber Security job required CompTIA Security+ and slightly more senior jobs required actual certifications in each specific area of Cyber work. Of the thirty six jobs I applied to; I received only two interviews. I hit a brick wall with these as they wanted someone who had more experience, even though these were basic level desktop support and network infrastructure jobs with the local council. In this case, my ladder was not the correct one.
Having watched a great deal of Cyber Security content on YouTube while researching subjects for my course, I found a vast array of information on Networking in Technology and Cyber. These videos were stating that one of the best ways to get a Cyber Security job was to build your network on social media platforms such as LinkedIn. There was a challenge to get one thousand meaningful connections on the business social network. Loving the challenge, I focused my energy on in my spare time to build my network. Connecting with industry leaders, hiring managers, cyber security content creators and professionals from across the globe. It was eye opening! I found a whole new route into Cyber and the brick wall began to look a little less tall. One of the best things about this process was networking with other students. Being able to bounce ideas off others and giving help to them where I could.
I wanted to be a penetration tester, like everyone does; it's a cool and exciting job, paid very well and I'd get to be a hacker! Understanding this was a deeply skilled field and required further training, I set out with a renewed enthusiasm but level head. I was Looking for budget training courses on CompTIA Sec+ and eventually found a course on an online training platform discounted to £30, a price I could afford. I signed up and began working through. Taking methodical notes and cramming as much into my head as I could. As a basic course, it's not a very deep level of knowledge but it was vast! The content was nineteen hours of videos and each video was normally around the four or five minute mark. From starting the course to receiving a passing grade on the exam, it took three months. Having to fit learning in while working twelve hour shifts was a struggle but taking the ladder a step at a time helped me see the top of the wall fairly quickly.
During the course I learned about Governance, Risk Management and Compliance (GRC). This sparked my interest, as a potential route into Cyber that I had not previously thought about. My background in the military had been in the administration of hundreds of personnel. Policy and Procedure writing had been one of my main tasks. I had enjoyed that and was fairly good at it. Not being a touch typist might have made me slower than some but my skill on a keyboard wasn't too bad. Digging deeper into regulations such as NIST, ISO 27001 and EU GDPR opened my eyes further. For my current job in CCTV Operations, knowledge of the UK Data Protection Act was required. The DPA was the UK's version of EU GDPR and I could relate that knowledge to these different security frameworks! I just found my ladder into Cyber.
Being a member of British Military Veterans group "TechVets", gave me access to some excellent training resources such as Immersive Labs and numerous vendor specific career training paths. Unfortunately they didn't have anything GRC related for further certification however they did point me in the direction of a company who provided free training in ISO 27001 and EU GDPR. All I would have to do is pay for the exams. This I could do! I signed up for the ISO 27001 Foundation course and EU GDPR. This ladder felt like the correct selection for me. Finally a route I think is within reach and I can utilise my previous experience to help get a job. I applied for as many GRC jobs as I could. Receiving invites to interview from six companies, including a global shipping company and a tech start-up.
One of the companies was local to me, had a great platform and looked to suit my ethics and ethos. I was super excited to have been asked to carry out an assessment of my skills as a second stage of the application process. The task was to set out a plan of how I would take a fictional company through ISO 27001 certification. They asked for us not to take longer than two hours to put together a document showing our process. After eight hours of studying and writing, my submission was complete. I had gone way over the top, writing 8 pages of information on how I would take the company through its certification. We went through my submission in the 3rd stage interview. The answers on this subject were great and I was confident of an impending job offer. A couple of days later, a new email notification popped up on my phone. We regret to inform you that you were not selected for the position...... I was gutted. The company had chosen to go with someone who had more experience than me. They provided the following feedback:
“Your consideration towards the take-home task was genuinely astounding.”
“We remain convinced that you would be an absolute joy to have in any organisation.”
I absolutely blew them away with my personality, determination and knowledge but they chose to go with someone else because of my lack of experience. Yet again, my ladder was too short. I needed a few extra rungs there. It is the right ladder, it just needs to grow! How was I going to get this experience if nobody would give me a chance to prove myself?